...
- Update the JOC Cockpit to release 1,11.5 following the procedure described in the JOC Cockpit - Installation article.
- Start the Jetty Web Server / check that the Web Service is running.
- Log into the JOC Cockpit with a user account that has edit permissions for the Manage Accounts view. (In the default configuration root and administrator accounts have the necessary permissions.)
- Go to the Manage Accounts view in the JOC Cockpit. Ensure that the Accounts tab is selected, showing the current user accounts.
Copy and uncomment the following two lines from the
[main]
section of theshiro.ini-example
file to the [main] section of theshiro.ini
file:Code Block language text passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher iniRealm.credentialsMatcher = $passwordMatcher
- Delete all user accounts from the
shiro.ini.active
file (they will not be lost from the JOC Cockpit). - Save the
shiro.ini.active
file. - Open the Edit Account modal window for any user.
- Click on Submit.
- All user accounts (Account Names, Passwords and Roles) will now be written back into the
shiro.ini
file by the JOC Cockpit and the Passwords will now be saved as hashed values. Users will be able to log in as before the update and new Passwords can be entered in plain text and will be saved as hashed values. - Save the
shiro.ini.active
file under the nameshiro.ini
- logout
- login
Activating Password Hashing in Releases 1.11.0 to 1.11.4
...